Trust Store Management

Important Note

BB automatically manages trust store integration during setup. Manual management is only needed for troubleshooting or custom configurations.

What is a Trust Store?

A trust store is a system-level database of trusted Certificate Authority (CA) certificates. When BB creates its local CA certificate, it needs to be added to your system's trust store to:

  • Enable secure browser connections without warnings
  • Allow secure API communication
  • Maintain system security standards
  • Support WebSocket connections

Platform-Specific Locations

macOS

Trust store location:

  • System: /Library/Keychains/System.keychain
  • User: ~/Library/Keychains/login.keychain-db

Verification:

  1. Open Keychain Access application
  2. Look for "BB Local CA" in System or login keychain
  3. Certificate should show as trusted

Windows

Trust store location:

  • Certificates (Local Computer)
  • Trusted Root Certification Authorities

Verification:

  1. Press Win + R, type "certmgr.msc"
  2. Navigate to Trusted Root Certification Authorities > Certificates
  3. Look for "BB Local CA"

Linux

Trust store locations vary by distribution:

  • Ubuntu/Debian: /usr/local/share/ca-certificates/
  • Fedora/RHEL: /etc/pki/ca-trust/source/anchors/
  • Other: /etc/ssl/certs/

Verification:

# List installed certificates
ls -l /etc/ssl/certs/bb-local-ca.pem

# Check certificate details
openssl x509 -in /etc/ssl/certs/bb-local-ca.pem -text -noout

Trust Store Management

BB provides commands to manage trust store integration:

# Check trust store status
bb secure status

# Re-add certificate to trust store
bb secure trust

# Remove certificate from trust store
bb secure untrust

Security Best Practices

  • Only add certificates from trusted sources
  • Regularly review installed certificates
  • Remove unused or expired certificates
  • Keep your system's security tools updated
  • Monitor trust store changes

Common Issues

Permission Denied

Trust store updates often require administrator privileges. When prompted, enter your system password to allow the changes.

Certificate Not Trusted

If browsers don't trust the certificate, verify it's properly installed in your system's trust store using the platform-specific steps above.

Trust Store Updates

Some systems require a trust store update command after adding certificates. BB handles this automatically, but you can manually trigger it if needed.

Related Documentation

Advanced Trust Store Management

For advanced users who need manual trust store control:

  • Custom certificate installation paths
  • Manual trust store updates
  • Certificate pinning configuration
  • Trust store backup and restoration

See the CLI Documentation for advanced configuration options.